Elite Washington D.C. law firm Williams & Connolly, has confirmed a nation-state-backed cyberattack. The breach leveraged a zero-day vulnerability to access attorney email accounts, part of a broader espionage campaign targeting the US legal sector.
Sam Altman’s AgentKit empowers anyone to build AI agents without code, while Chamath Palihapitiya’s “Software Factory” vision reimagines solo founders as AI-powered creators. As Elon Musk pushes his truth-seeking xAI, Silicon Valley’s battle for the future of intelligence intensifies.
A third-party data breach at Discord has exposed the government-issued IDs of 70,000 users, highlighting the significant security risks associated with supply chain vulnerabilities and age verification processes. The incident has sparked extortion demands and raised concerns for Australian users.
Elite Washington D.C. law firm Williams & Connolly, has confirmed a nation-state-backed cyberattack. The breach leveraged a zero-day vulnerability to access attorney email accounts, part of a broader espionage campaign targeting the US legal sector.
Cyber News Centre's cyber update for 13th October 2025: Williams & Connolly, has confirmed it was targeted by a sophisticated cyberattack involving a zero-day vulnerability. The incident, believed to be the work of a nation-state actor, resulted in unauthorised access to a small number of attorney email accounts.
Williams & Connolly is a prominent American law firm known for its high-stakes litigation and representation of influential clients. Its roster has included former U.S. presidents, major corporations, and high-profile individuals in white-collar criminal defense cases.
The Update: Williams & Connolly disclosed on October 9th that it recently discovered a cybersecurity incident where attackers leveraged a previously unknown zero-day vulnerability. An investigation, assisted by cybersecurity firm CrowdStrike, attributed the intrusion to a nation-state group suspected of being linked to China. The attackers gained access to a small number of attorney email accounts, but the firm stated there is
"no evidence that confidential client data was extracted from any other part of our IT system, including from databases where client files are stored."
The firm has since blocked the threat actor and reports no further unauthorised activity. The attack is part of a wider espionage campaign that has targeted multiple U.S. law firms and technology companies in recent months, seeking intelligence on politically and economically sensitive cases. The specific vulnerability exploited in the attack has not been publicly identified.
Why it Matters: This breach highlights the acute vulnerability of the legal sector to state-sponsored espionage. Law firms are treasure troves of sensitive, non-public information related to national security, trade negotiations, and corporate strategy, making them high-value targets for intelligence gathering.
The use of a zero-day exploit demonstrates a high level of sophistication and resourcefulness, underscoring the persistent and advanced nature of threats facing not just U.S. firms, but also their international counterparts.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
A third-party data breach at Discord has exposed the government-issued IDs of 70,000 users, highlighting the significant security risks associated with supply chain vulnerabilities and age verification processes. The incident has sparked extortion demands and raised concerns for Australian users.
Japan's largest brewer, Asahi Group Holdings, has confirmed a ransomware attack by the Qilin group, resulting in production shutdowns and the theft of 27GB of corporate data.
Oracle has issued an emergency patch for a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite. The Clop ransomware group has been exploiting the flaw to steal executive data and launch widespread extortion campaigns affecting thousands of organisations globally.
The NSW Reconstruction Authority has confirmed a major data breach affecting 3,000 flood victims after a contractor uploaded sensitive personal and health information to ChatGPT. The breach, undisclosed for more than six months, raises serious concerns about security and transparency.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
